Add test for bounds in X509 DER write funcs

ChangeLog

@@ -5,8 +5,8 @@ mbed TLS ChangeLog (Sorted per branch, date)
 Security
    * Fix potential stack corruption in mbedtls_x509write_crt_der() and
      mbedtls_x509write_csr_der() when the signature is copied to the buffer
-     without checking whether there is enough space in the destination. It is
+     without checking whether there is enough space in the destination. The
-     not triggerable remotely in SSL/TLS.
+     issue cannot be triggered remotely.
 
 Bugfix
    * Fix an issue that caused valid certificates being rejected whenever an

tests/suites/test_suite_x509write.function

@@ -52,6 +52,10 @@ void x509_csr_check( char *key_file, char *cert_req_check_file,
     TEST_ASSERT( olen >= pem_len - 1 );
     TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
 
+    ret = mbedtls_x509write_csr_der( &req, buf, pem_len / 2,
+                            rnd_pseudo_rand, &rnd_info );
+    TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
 exit:
     mbedtls_x509write_csr_free( &req );
     mbedtls_pk_free( &key );
@@ -125,6 +129,10 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
     TEST_ASSERT( olen >= pem_len - 1 );
     TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 );
 
+    ret = mbedtls_x509write_crt_der( &crt, buf, pem_len / 2,
+                            rnd_pseudo_rand, &rnd_info );
+    TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
+
 exit:
     mbedtls_x509write_crt_free( &crt );
     mbedtls_pk_free( &issuer_key );